Skip to main content

parse

Parse and inspect local certificate and key files. Decodes PEM and PFX/PKCS#12 files and pretty-prints their contents.

Usage

r4t parse <subcommand> <file> [flags]

Subcommands

parse pem

Decode and display a PEM-encoded certificate or certificate chain. 
# Parse a PEM certificate
r4t parse pem /tmp/user.crt

# Parse a PEM file with a separate private key
r4t parse pem /tmp/user.crt --key /tmp/user.key

# Parse a PEM that contains the full chain (cert + intermediates + key)
r4t parse pem /tmp/chain.pem
FlagShortDescription
--key-kPath to a separate PEM private key file
Displays:
  • Subject and Issuer DNs
  • Serial number
  • Validity period (Not Before / Not After)
  • Subject Alternative Names (DNS, IP, UPN, Email)
  • Extended Key Usage (EKU) OIDs
  • Key usage flags
  • CA flag and path length constraint
  • Whether a private key is present

parse pfx

Decode and display a PKCS#12 / PFX file. 
# Parse a PFX with no password
r4t parse pfx /tmp/user.pfx

# Parse a PFX with a password
r4t parse pfx /tmp/user.pfx --password 'P@ssword1'

# Parse a non-standard PFX (legacy mode)
r4t parse pfx /tmp/legacy.pfx --legacy
FlagShortDescription
--password-pPassword for the PFX file (leave empty for passwordless)
--legacyUse legacy decode mode for non-standard / older PFX files
Displays:
  • All certificates in the PFX (leaf + chain)
  • Private key presence and type
  • Subject and Issuer for each certificate
  • SANs, EKUs, and validity for each certificate
  • Friendly names and bag attributes

Use Cases

# Verify a certificate obtained via adcs req
r4t parse pfx /tmp/admin.pfx

# Check the UPN SAN in a certificate before using it for PKINIT
r4t parse pem /tmp/user.crt

# Inspect a certificate from a stored credential
r4t creds list --auth  # note the pfx_file path
r4t parse pfx /path/from/creds/list